CheckPoint Checkpoint Certifications 156-315.81 Questions & Answers

• Question 91:

  Which command will allow you to see the interface status?

  A. cphaprob interface

  B. cphaprob interface

  C. cphaprob if

  D. cphaprob stat

  Correct Answer: C

  The cphaprob -a if command displays the interface status of all cluster members, including the interface name, IP address, state, monitor mode, and sync status. References: cphaprob - Check Point Support Center

• Question 92:

  How many images are included with Check Point TE appliance in Recommended Mode?

  A. 2(OS) images

  B. images are chosen by administrator during installation

  C. as many as licensed for

  D. the newest image

  Correct Answer: A

  The Check Point TE appliance in Recommended Mode includes 2(OS) images. One image is used for running the appliance, and the other image is used for backup and recovery purposes. The images are not chosen by the administrator during installation, nor based on the license or the latest version. References: [Check Point R81 Threat Emulation Administration Guide]

• Question 93:

  On R81.20 when configuring Third-Party devices to read the logs using the LEA (Log Export API) the default Log Server uses port:

  A. 18210

  B. 18184

  C. 257

  D. 18191

  Correct Answer: B

  On R81.20, when configuring Third-Party devices to read the logs using the LEA (Log Export API), the default Log Server uses port 18184. This port can be changed using the lea_server command in expert mode. The other ports are either not related to LEA, or used for different purposes, such as 18210 for CPMI, 257 for FW1_log, and 18191 for SIC. References: [Check Point R81 Logging and Monitoring Administration Guide], [Check Point Ports Used for Communication by Various Check Point Modules]

• Question 94:

  Which is the least ideal Synchronization Status for Security Management Server High Availability deployment?

  A. Synchronized

  B. Never been synchronized

  C. Lagging

  D. Collision

  Correct Answer: D

  The least ideal Synchronization Status for Security Management Server High Availability deployment is Collision. This status indicates that both members have modified the same object independently, resulting in a conflict that needs to be resolved manually. The other statuses are either normal or indicate a temporary delay in synchronization. References: High Availability Administration Guide

• Question 95:

  How can SmartView application accessed?

  A. http:///smartview

  B. http://:4434/smartview/

  C. https:///smartview/

  D. https://:4434/smartview/

  Correct Answer: C

  SmartView is a web-based application that allows you to view and analyze logs, reports, and events from multiple Check Point products. You can access SmartView by using the following URL:

  

  You need to use HTTPS protocol and the default port 443. You also need to enter the IP address of the Security Management Server that hosts the SmartView application. You cannot use the host name of the Security Management Server or a different port number. References: SmartView R81 Administration Guide

• Question 96:

  Which CLI command will reset the IPS pattern matcher statistics?

  A. ips reset pmstat

  B. ips pstats reset

  C. ips pmstats refresh

  D. ips pmstats reset

  Correct Answer: D

  The CLI command to reset the IPS (Intrusion Prevention System) pattern matcher statistics is option D: ips pmstats reset. This command will reset the statistics related to the IPS pattern matcher.

  Options A, B, and C are not the correct syntax for resetting the IPS pattern matcher statistics. References: Check Point Certified Security Expert (CCSE) R81 documentation and learning resources.

• Question 97:

  You want to gather and analyze threats to your mobile device. It has to be a lightweight app. Which application would you use?

  A. SmartEvent Client Info

  B. SecuRemote

  C. Check Point Protect

  D. Check Point Capsule Cloud

  Correct Answer: C

  Check Point Protect is a lightweight app that can be used to gather and analyze threats to your mobile device. It provides real-time threat intelligence, device posture assessment, and secure browsing protection3. The other applications are either not designed for mobile devices, or do not offer threat analysis features. References: R81 CCSA and CCSE exams released featuring Promo for... - Check Point ..., Check Point Protect - Apps on Google Play

• Question 98:

  Which packet info is ignored with Session Rate Acceleration?

  A. source port ranges

  B. source ip

  C. source port

  D. same info from Packet Acceleration is used

  Correct Answer: C

  Session Rate Acceleration is a SecureXL feature that accelerates the establishment of new connections by bypassing the inspection of the first packet of each session. Session Rate Acceleration ignores the source port information of the packet, as well as the destination port ranges, protocol type, and VPN information. The other packet info is used by Packet Acceleration, which is another SecureXL feature that accelerates the forwarding of subsequent packets of an established connection. References: SecureXL Mechanism

• Question 99:

  What has to be taken into consideration when configuring Management HA?

  A. The Database revisions will not be synchronized between the management servers

  B. SmartConsole must be closed prior to synchronized changes in the objects database

  C. If you wanted to use Full Connectivity Upgrade, you must change the Implied Rules to allow FW1_cpredundant to pass before the Firewall Control Connections.

  D. For Management Server synchronization, only External Virtual Switches are supported. So, if you wanted to employ Virtual Routers instead, you have to reconsider your design.

  Correct Answer: A

  When configuring Management HA, you have to take into consideration that the Database revisions will not be synchronized between the management servers. Database revisions are snapshots of the database that are created manually or automatically when installing a policy or saving changes. They are stored locally on each management server and are not replicated by Management HA. The other options are either not true or not relevant to Management HA. References: Check Point R81 Installation and Upgrade Guide

• Question 100:

  In R81, how do you manage your Mobile Access Policy?

  A. Through the Unified Policy

  B. Through the Mobile Console

  C. From SmartDashboard

  D. From the Dedicated Mobility Tab

  Correct Answer: A

  In R81, you can manage your Mobile Access Policy through the Unified Policy. The Unified Policy is a single policy that combines access control, threat prevention, data protection, and identity awareness. You can create rules for mobile access in the Unified Policy rulebase and apply them to mobile devices, users, and applications. You can also use the Mobile Access blade to configure additional settings for mobile access, such as authentication methods, VPN settings, and application portal.